<!DOCTYPE html>
<html lang="zh-CN">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>OSS数据安全防护体系 | 技术小馆</title>
    <link href="https://cdn.staticfile.org/font-awesome/6.4.0/css/all.min.css" rel="stylesheet">
    <link href="https://cdn.staticfile.org/tailwindcss/2.2.19/tailwind.min.css" rel="stylesheet">
    <link href="https://fonts.googleapis.com/css2?family=Noto+Serif+SC:wght@400;500;600;700&family=Noto+Sans+SC:wght@300;400;500;700&display=swap" rel="stylesheet">
    <script src="https://cdn.jsdelivr.net/npm/mermaid@latest/dist/mermaid.min.js"></script>
    <style>
        body {
            font-family: 'Noto Sans SC', Tahoma, Arial, Roboto, "Droid Sans", "Helvetica Neue", "Droid Sans Fallback", "Heiti SC", "Hiragino Sans GB", Simsun, sans-serif;
            color: #333;
            line-height: 1.6;
        }
        h1, h2, h3, h4, h5, h6 {
            font-family: 'Noto Serif SC', serif;
            font-weight: 600;
        }
        .hero-gradient {
            background: linear-gradient(135deg, #1e3a8a 0%, #2563eb 50%, #3b82f6 100%);
        }
        .card-hover {
            transition: transform 0.3s ease, box-shadow 0.3s ease;
        }
        .card-hover:hover {
            transform: translateY(-5px);
            box-shadow: 0 20px 25px -5px rgba(0, 0, 0, 0.1), 0 10px 10px -5px rgba(0, 0, 0, 0.04);
        }
        .code-block {
            background: #282c34;
            border-left: 4px solid #3b82f6;
        }
        .mermaid-tooltip {
            position: absolute;
            background: white;
            padding: 8px;
            border-radius: 4px;
            box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);
            z-index: 100;
            display: none;
        }
    </style>
</head>
<body class="bg-gray-50">
    <!-- Hero Section -->
    <section class="hero-gradient text-white py-24 px-4 md:px-0">
        <div class="container mx-auto max-w-6xl text-center">
            <div class="inline-block px-3 py-1 mb-6 rounded-full bg-white bg-opacity-20 text-sm font-medium">
                <i class="fas fa-shield-alt mr-2"></i>数据安全专题
            </div>
            <h1 class="text-4xl md:text-5xl font-bold mb-6 leading-tight">
                OSS数据安全防护体系
            </h1>
            <p class="text-xl md:text-2xl max-w-3xl mx-auto opacity-90 mb-8">
                构建多层次防护，确保企业核心数据资产的机密性、完整性与可用性
            </p>
            <div class="flex justify-center space-x-4">
                <a href="#importance" class="px-6 py-3 bg-white text-blue-800 font-semibold rounded-lg hover:bg-opacity-90 transition">
                    <i class="fas fa-info-circle mr-2"></i>了解重要性
                </a>
                <a href="#measures" class="px-6 py-3 border-2 border-white text-white font-semibold rounded-lg hover:bg-white hover:bg-opacity-10 transition">
                    <i class="fas fa-shield-virus mr-2"></i>防护措施
                </a>
            </div>
        </div>
    </section>

    <!-- Introduction -->
    <section class="py-16 px-4 md:px-0" id="importance">
        <div class="container mx-auto max-w-6xl">
            <div class="flex items-center mb-12">
                <div class="h-px bg-gray-200 flex-1"></div>
                <h2 class="text-3xl font-bold px-6 text-center">
                    <span class="text-blue-600">一、</span>OSS数据安全的重要性与挑战
                </h2>
                <div class="h-px bg-gray-200 flex-1"></div>
            </div>
            
            <div class="grid md:grid-cols-3 gap-8 mb-12">
                <div class="bg-white rounded-xl shadow-md p-6 card-hover">
                    <div class="w-12 h-12 rounded-full bg-red-100 text-red-600 flex items-center justify-center mb-4">
                        <i class="fas fa-exclamation-triangle text-xl"></i>
                    </div>
                    <h3 class="text-xl font-semibold mb-3">数据泄露风险</h3>
                    <p class="text-gray-600">未经授权的访问可能导致敏感信息泄露，给企业带来重大损失和声誉风险。</p>
                </div>
                <div class="bg-white rounded-xl shadow-md p-6 card-hover">
                    <div class="w-12 h-12 rounded-full bg-yellow-100 text-yellow-600 flex items-center justify-center mb-4">
                        <i class="fas fa-edit text-xl"></i>
                    </div>
                    <h3 class="text-xl font-semibold mb-3">数据篡改威胁</h3>
                    <p class="text-gray-600">恶意攻击可能破坏数据完整性，导致业务中断和数据不可用。</p>
                </div>
                <div class="bg-white rounded-xl shadow-md p-6 card-hover">
                    <div class="w-12 h-12 rounded-full bg-green-100 text-green-600 flex items-center justify-center mb-4">
                        <i class="fas fa-balance-scale text-xl"></i>
                    </div>
                    <h3 class="text-xl font-semibold mb-3">合规性要求</h3>
                    <p class="text-gray-600">GDPR、等保2.0等法规对数据安全提出严格要求，不合规将面临重大处罚。</p>
                </div>
            </div>
            
            <div class="bg-blue-50 border-l-4 border-blue-600 p-6 rounded-r-lg mb-12">
                <h3 class="text-xl font-semibold text-blue-800 mb-3 flex items-center">
                    <i class="fas fa-shield-alt mr-2"></i>OSS数据安全防护体系
                </h3>
                <p class="text-gray-700">
                    通过多层次的安全措施，包括访问控制、数据加密和日志监控，确保数据的<strong>机密性</strong>、<strong>完整性</strong>和<strong>可用性</strong>。
                </p>
            </div>
        </div>
    </section>

    <!-- Core Measures -->
    <section class="py-16 bg-gray-50 px-4 md:px-0" id="measures">
        <div class="container mx-auto max-w-6xl">
            <div class="flex items-center mb-12">
                <div class="h-px bg-gray-200 flex-1"></div>
                <h2 class="text-3xl font-bold px-6 text-center">
                    <span class="text-blue-600">二、</span>OSS数据安全的核心防护措施
                </h2>
                <div class="h-px bg-gray-200 flex-1"></div>
            </div>
            
            <div class="grid md:grid-cols-3 gap-8 mb-16">
                <div class="bg-white rounded-xl shadow-md overflow-hidden card-hover">
                    <div class="bg-blue-600 p-4 text-white">
                        <h3 class="text-xl font-semibold flex items-center">
                            <i class="fas fa-user-shield mr-2"></i>2.1 访问控制
                        </h3>
                    </div>
                    <div class="p-6">
                        <ul class="space-y-3">
                            <li class="flex items-start">
                                <i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
                                <span><strong>RAM权限管理</strong>：精细化控制用户访问权限</span>
                            </li>
                            <li class="flex items-start">
                                <i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
                                <span><strong>Bucket Policy</strong>：定义Bucket级别的访问策略</span>
                            </li>
                            <li class="flex items-start">
                                <i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
                                <span><strong>STS临时授权</strong>：短期有效的访问凭证</span>
                            </li>
                        </ul>
                    </div>
                </div>
                
                <div class="bg-white rounded-xl shadow-md overflow-hidden card-hover">
                    <div class="bg-purple-600 p-4 text-white">
                        <h3 class="text-xl font-semibold flex items-center">
                            <i class="fas fa-lock mr-2"></i>2.2 数据加密
                        </h3>
                    </div>
                    <div class="p-6">
                        <ul class="space-y-3">
                            <li class="flex items-start">
                                <i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
                                <span><strong>服务器端加密</strong>：OSS自动加密存储数据</span>
                            </li>
                            <li class="flex items-start">
                                <i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
                                <span><strong>客户端加密</strong>：在数据上传前进行加密</span>
                            </li>
                            <li class="flex items-start">
                                <i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
                                <span><strong>KMS密钥管理</strong>：集中管理加密密钥</span>
                            </li>
                        </ul>
                    </div>
                </div>
                
                <div class="bg-white rounded-xl shadow-md overflow-hidden card-hover">
                    <div class="bg-indigo-600 p-4 text-white">
                        <h3 class="text-xl font-semibold flex items-center">
                            <i class="fas fa-chart-line mr-2"></i>2.3 日志与监控
                        </h3>
                    </div>
                    <div class="p-6">
                        <ul class="space-y-3">
                            <li class="flex items-start">
                                <i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
                                <span><strong>访问日志</strong>：记录所有OSS操作</span>
                            </li>
                            <li class="flex items-start">
                                <i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
                                <span><strong>实时监控</strong>：异常访问实时告警</span>
                            </li>
                            <li class="flex items-start">
                                <i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
                                <span><strong>审计分析</strong>：定期审查访问记录</span>
                            </li>
                        </ul>
                    </div>
                </div>
            </div>
            
            <!-- Access Control Best Practices -->
            <div class="mb-16" id="access-control">
                <div class="flex items-center mb-8">
                    <div class="h-px bg-gray-200 flex-1"></div>
                    <h2 class="text-3xl font-bold px-6 text-center">
                        <span class="text-blue-600">三、</span>访问控制最佳实践
                    </h2>
                    <div class="h-px bg-gray-200 flex-1"></div>
                </div>
                
                <div class="grid md:grid-cols-3 gap-8 mb-12">
                    <div class="bg-white rounded-xl shadow-md p-6 card-hover">
                        <h3 class="text-xl font-semibold mb-4 text-blue-600">3.1 RAM用户权限管理</h3>
                        <div class="code-block rounded-lg overflow-hidden mb-4">
                            <pre class="text-gray-200 p-4 text-sm"><code>// 创建RAM用户
public void createRAMUser(String userName) {
    CreateUserRequest request = new CreateUserRequest()
        .setUserName(userName);
    ramClient.createUser(request);
}

// 授权OSS访问权限
public void attachPolicyToUser(String userName, String policyName) {
    AttachPolicyToUserRequest request = new AttachPolicyToUserRequest()
        .setPolicyType("Custom")
        .setPolicyName(policyName)
        .setUserName(userName);
    ramClient.attachPolicyToUser(request);
}</code></pre>
                        </div>
                        <p class="text-gray-600 text-sm">通过RAM实现最小权限原则，严格控制用户访问范围。</p>
                    </div>
                    
                    <div class="bg-white rounded-xl shadow-md p-6 card-hover">
                        <h3 class="text-xl font-semibold mb-4 text-blue-600">3.2 Bucket Policy配置</h3>
                        <div class="code-block rounded-lg overflow-hidden mb-4">
                            <pre class="text-gray-200 p-4 text-sm"><code>public void setBucketPolicy(String bucketName) {
    String policy = """
        {
            "Version": "1",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Principal": "*",
                    "Action": "oss:GetObject",
                    "Resource": "acs:oss:*:*:%s/*",
                    "Condition": {
                        "IpAddress": {
                            "acs:SourceIp": ["192.168.0.0/24"]
                        }
                    }
                }
            ]
        }
        """.formatted(bucketName);
    ossClient.setBucketPolicy(bucketName, policy);
}</code></pre>
                        </div>
                        <p class="text-gray-600 text-sm">基于IP白名单限制Bucket访问，防止未授权访问。</p>
                    </div>
                    
                    <div class="bg-white rounded-xl shadow-md p-6 card-hover">
                        <h3 class="text-xl font-semibold mb-4 text-blue-600">3.3 STS临时授权</h3>
                        <div class="code-block rounded-lg overflow-hidden mb-4">
                            <pre class="text-gray-200 p-4 text-sm"><code>public AssumeRoleResponse assumeRole(String roleArn) {
    AssumeRoleRequest request = new AssumeRoleRequest()
        .setRoleArn(roleArn)
        .setRoleSessionName("ts-session")
        .setDurationSeconds(3600); // 1小时有效期
    return stsClient.assumeRole(request);
}</code></pre>
                        </div>
                        <p class="text-gray-600 text-sm">短期有效的访问凭证，降低长期凭证泄露风险。</p>
                    </div>
                </div>
            </div>
            
            <!-- Data Encryption Strategies -->
            <div class="mb-16" id="encryption">
                <div class="flex items-center mb-8">
                    <div class="h-px bg-gray-200 flex-1"></div>
                    <h2 class="text-3xl font-bold px-6 text-center">
                        <span class="text-blue-600">四、</span>数据加密策略
                    </h2>
                    <div class="h-px bg-gray-200 flex-1"></div>
                </div>
                
                <div class="grid md:grid-cols-3 gap-8 mb-12">
                    <div class="bg-white rounded-xl shadow-md p-6 card-hover">
                        <h3 class="text-xl font-semibold mb-4 text-purple-600">4.1 服务器端加密</h3>
                        <div class="code-block rounded-lg overflow-hidden mb-4">
                            <pre class="text-gray-200 p-4 text-sm"><code>public void uploadWithSSE(String bucketName, String objectName, InputStream inputStream) {
    ObjectMetadata metadata = new ObjectMetadata();
    metadata.setServerSideEncryption(ObjectMetadata.AES_256_SERVER_SIDE_ENCRYPTION);
    ossClient.putObject(bucketName, objectName, inputStream, metadata);
}</code></pre>
                        </div>
                        <p class="text-gray-600 text-sm">OSS自动加密存储数据，简化加密流程。</p>
                    </div>
                    
                    <div class="bg-white rounded-xl shadow-md p-6 card-hover">
                        <h3 class="text-xl font-semibold mb-4 text-purple-600">4.2 客户端加密</h3>
                        <div class="code-block rounded-lg overflow-hidden mb-4">
                            <pre class="text-gray-200 p-4 text-sm"><code>public void uploadWithClientEncryption(String bucketName, String objectName, InputStream inputStream) {
    // 使用AES加密
    Cipher cipher = Cipher.getInstance("AES");
    cipher.init(Cipher.ENCRYPT_MODE, secretKey);
    CipherInputStream encryptedStream = new CipherInputStream(inputStream, cipher);
    
    ossClient.putObject(bucketName, objectName, encryptedStream);
}</code></pre>
                        </div>
                        <p class="text-gray-600 text-sm">数据在传输前加密，实现端到端保护。</p>
                    </div>
                    
                    <div class="bg-white rounded-xl shadow-md p-6 card-hover">
                        <h3 class="text-xl font-semibold mb-4 text-purple-600">4.3 KMS密钥管理</h3>
                        <div class="code-block rounded-lg overflow-hidden mb-4">
                            <pre class="text-gray-200 p-4 text-sm"><code>public void createKMSKey(String keyId) {
    CreateKeyRequest request = new CreateKeyRequest()
        .setKeyUsage("ENCRYPT/DECRYPT")
        .setOrigin("Aliyun_KMS");
    kmsClient.createKey(request);
}</code></pre>
                        </div>
                        <p class="text-gray-600 text-sm">集中管理密钥生命周期，确保密钥安全。</p>
                    </div>
                </div>
            </div>
            
            <!-- Logging & Monitoring -->
            <div class="mb-16" id="logging">
                <div class="flex items-center mb-8">
                    <div class="h-px bg-gray-200 flex-1"></div>
                    <h2 class="text-3xl font-bold px-6 text-center">
                        <span class="text-blue-600">五、</span>日志与监控配置
                    </h2>
                    <div class="h-px bg-gray-200 flex-1"></div>
                </div>
                
                <div class="grid md:grid-cols-3 gap-8 mb-12">
                    <div class="bg-white rounded-xl shadow-md p-6 card-hover">
                        <h3 class="text-xl font-semibold mb-4 text-indigo-600">5.1 访问日志记录</h3>
                        <div class="code-block rounded-lg overflow-hidden mb-4">
                            <pre class="text-gray-200 p-4 text-sm"><code>public void enableAccessLogging(String bucketName) {
    SetBucketLoggingRequest request = new SetBucketLoggingRequest(bucketName)
        .setTargetBucket(bucketName)
        .setTargetPrefix("logs/");
    ossClient.setBucketLogging(request);
}</code></pre>
                        </div>
                        <p class="text-gray-600 text-sm">详细记录所有访问请求，便于审计追踪。</p>
                    </div>
                    
                    <div class="bg-white rounded-xl shadow-md p-6 card-hover">
                        <h3 class="text-xl font-semibold mb-4 text-indigo-600">5.2 实时监控告警</h3>
                        <div class="code-block rounded-lg overflow-hidden mb-4">
                            <pre class="text-gray-200 p-4 text-sm"><code>public void createAlarm(String ruleName) {
    PutResourceMetricRuleRequest request = new PutResourceMetricRuleRequest()
        .setRuleName(ruleName)
        .setMetricName("OSS.RequestCount")
        .setPeriod(60) // 1分钟
        .setThreshold(1000) // 1000次请求
        .setContactGroups("ts-ops-group");
    cmsClient.putResourceMetricRule(request);
}</code></pre>
                        </div>
                        <p class="text-gray-600 text-sm">异常访问实时告警，快速响应安全事件。</p>
                    </div>
                    
                    <div class="bg-white rounded-xl shadow-md p-6 card-hover">
                        <h3 class="text-xl font-semibold mb-4 text-indigo-600">5.3 审计日志分析</h3>
                        <div class="code-block rounded-lg overflow-hidden mb-4">
                            <pre class="text-gray-200 p-4 text-sm"><code>public void analyzeAuditLogs(String bucketName) {
    GetBucketLoggingRequest request = new GetBucketLoggingRequest(bucketName);
    BucketLoggingResult result = ossClient.getBucketLogging(request);
    // 处理日志数据
}</code></pre>
                        </div>
                        <p class="text-gray-600 text-sm">定期分析访问模式，发现潜在风险。</p>
                    </div>
                </div>
            </div>
            
            <!-- Advanced Security -->
            <div class="mb-16" id="advanced">
                <div class="flex items-center mb-8">
                    <div class="h-px bg-gray-200 flex-1"></div>
                    <h2 class="text-3xl font-bold px-6 text-center">
                        <span class="text-blue-600">六、</span>高级安全策略
                    </h2>
                    <div class="h-px bg-gray-200 flex-1"></div>
                </div>
                
                <div class="grid md:grid-cols-3 gap-8 mb-12">
                    <div class="bg-white rounded-xl shadow-md p-6 card-hover">
                        <h3 class="text-xl font-semibold mb-4 text-blue-600">6.1 数据备份与恢复</h3>
                        <div class="code-block rounded-lg overflow-hidden mb-4">
                            <pre class="text-gray-200 p-4 text-sm"><code>public void backupData(String bucketName) {
    String backupBucket = bucketName + "-backup";
    ossClient.createBucket(backupBucket);
    
    ObjectListing objectListing = ossClient.listObjects(bucketName);
    for (OSSObjectSummary objectSummary : objectListing.getObjectSummaries()) {
        ossClient.copyObject(bucketName, objectSummary.getKey(), backupBucket, objectSummary.getKey());
    }
}</code></pre>
                        </div>
                        <p class="text-gray-600 text-sm">定期备份关键数据，防范数据丢失风险。</p>
                    </div>
                    
                    <div class="bg-white rounded-xl shadow-md p-6 card-hover">
                        <h3 class="text-xl font-semibold mb-4 text-blue-600">6.2 数据版本控制</h3>
                        <div class="code-block rounded-lg overflow-hidden mb-4">
                            <pre class="text-gray-200 p-4 text-sm"><code>public void enableVersioning(String bucketName) {
    SetBucketVersioningRequest request = new SetBucketVersioningRequest(bucketName)
        .setStatus(VersioningStatus.Enabled);
    ossClient.setBucketVersioning(request);
}</code></pre>
                        </div>
                        <p class="text-gray-600 text-sm">保留历史版本，防止误删或恶意篡改。</p>
                    </div>
                    
                    <div class="bg-white rounded-xl shadow-md p-6 card-hover">
                        <h3 class="text-xl font-semibold mb-4 text-blue-600">6.3 数据生命周期管理</h3>
                        <div class="code-block rounded-lg overflow-hidden mb-4">
                            <pre class="text-gray-200 p-4 text-sm"><code>public void setLifecycleRule(String bucketName) {
    LifecycleRule rule = new LifecycleRule("ts-rule")
        .setPrefix("logs/")
        .setStatus(RuleStatus.Enabled)
        .setExpirationDays(30); // 30天后删除
    ossClient.setBucketLifecycle(bucketName, new BucketLifecycle().addRule(rule));
}</code></pre>
                        </div>
                        <p class="text-gray-600 text-sm">自动清理过期数据，优化存储成本。</p>
                    </div>
                </div>
            </div>
            
            <!-- Case Study -->
            <div class="mb-16" id="case-study">
                <div class="flex items-center mb-8">
                    <div class="h-px bg-gray-200 flex-1"></div>
                    <h2 class="text-3xl font-bold px-6 text-center">
                        <span class="text-blue-600">七、</span>实战案例：敏感数据保护
                    </h2>
                    <div class="h-px bg-gray-200 flex-1"></div>
                </div>
                
                <div class="bg-white rounded-xl shadow-md p-8 mb-8 card-hover">
                    <h3 class="text-xl font-semibold mb-4 text-blue-600">7.1 需求场景</h3>
                    <ul class="list-disc pl-6 space-y-2 text-gray-700">
                        <li>存储用户隐私数据</li>
                        <li>防止数据泄露</li>
                        <li>满足GDPR合规要求</li>
                    </ul>
                </div>
                
                <div class="grid md:grid-cols-3 gap-8 mb-12">
                    <div class="bg-white rounded-xl shadow-md p-6 card-hover">
                        <h3 class="text-xl font-semibold mb-4 text-blue-600">数据加密存储</h3>
                        <div class="code-block rounded-lg overflow-hidden mb-4">
                            <pre class="text-gray-200 p-4 text-sm"><code>public String storeSensitiveData(String bucketName, String objectName, String data) {
    // 使用KMS加密
    EncryptRequest request = new EncryptRequest()
        .setKeyId("alias/ts-key")
        .setPlaintext(data.getBytes());
    EncryptResponse response = kmsClient.encrypt(request);
    
    // 存储加密数据
    ossClient.putObject(bucketName, objectName, new ByteArrayInputStream(response.getCiphertextBlob()));
    return objectName;
}</code></pre>
                        </div>
                        <p class="text-gray-600 text-sm">敏感数据使用KMS加密存储，确保机密性。</p>
                    </div>
                    
                    <div class="bg-white rounded-xl shadow-md p-6 card-hover">
                        <h3 class="text-xl font-semibold mb-4 text-blue-600">数据访问控制</h3>
                        <div class="code-block rounded-lg overflow-hidden mb-4">
                            <pre class="text-gray-200 p-4 text-sm"><code>public void restrictAccess(String bucketName) {
    String policy = """
        {
            "Version": "1",
            "Statement": [
                {
                    "Effect": "Deny",
                    "Principal": "*",
                    "Action": "oss:*",
                    "Resource": "acs:oss:*:*:%s/*",
                    "Condition": {
                        "NotIpAddress": {
                            "acs:SourceIp": ["10.0.0.0/8"]
                        }
                    }
                }
            ]
        }
        """.formatted(bucketName);
    ossClient.setBucketPolicy(bucketName, policy);
}</code></pre>
                        </div>
                        <p class="text-gray-600 text-sm">严格限制访问来源，仅允许内网访问。</p>
                    </div>
                    
                    <div class="bg-white rounded-xl shadow-md p-6 card-hover">
                        <h3 class="text-xl font-semibold mb-4 text-blue-600">数据访问审计</h3>
                        <div class="code-block rounded-lg overflow-hidden mb-4">
                            <pre class="text-gray-200 p-4 text-sm"><code>public void monitorAccess(String bucketName) {
    GetBucketLoggingRequest request = new GetBucketLoggingRequest(bucketName);
    BucketLoggingResult result = ossClient.getBucketLogging(request);
    // 分析访问日志
}</code></pre>
                        </div>
                        <p class="text-gray-600 text-sm">监控所有访问行为，满足合规审计要求。</p>
                    </div>
                </div>
            </div>
            
            <!-- Security Framework Diagram -->
            <div class="mb-16">
                <div class="bg-white rounded-xl shadow-md p-8 card-hover">
                    <h3 class="text-2xl font-semibold mb-6 text-center text-blue-600">OSS数据安全防护体系框架</h3>
                    <div class="mermaid">
                        graph TD
                            A[OSS数据安全] --> B[访问控制]
                            A --> C[数据加密]
                            A --> D[日志监控]
                            
                            B --> B1[RAM权限管理]
                            B --> B2[Bucket Policy]
                            B --> B3[STS临时授权]
                            
                            C --> C1[服务器端加密]
                            C --> C2[客户端加密]
                            C --> C3[KMS密钥管理]
                            
                            D --> D1[访问日志]
                            D --> D2[实时监控]
                            D --> D3[审计分析]
                    </div>
                </div>
            </div>
        </div>
    </section>

    <!-- Footer -->
    <footer class="bg-gray-900 text-gray-300 py-8 px-4">
        <div class="container mx-auto max-w-6xl">
            <div class="flex flex-col md:flex-row justify-between items-center">
                <div class="mb-4 md:mb-0">
                    <h3 class="text-xl font-semibold text-white mb-2">技术小馆</h3>
                    <p class="text-sm">专业的云安全技术分享平台</p>
                </div>
                <div>
                    <a href="http://www.yuque.com/jtostring" class="text-blue-400 hover:text-blue-300 transition flex items-center">
                        <i class="fas fa-external-link-alt mr-2"></i>访问技术小馆
                    </a>
                </div>
            </div>
        </div>
    </footer>

    <script>
        // Initialize Mermaid
        mermaid.initialize({
            startOnLoad: true,
            theme: 'default',
            flowchart: {
                useMaxWidth: true,
                htmlLabels: true,
                curve: 'basis'
            }
        });
        
        // Add tooltip functionality
        document.addEventListener('DOMContentLoaded', function() {
            const tooltip = document.createElement('div');
            tooltip.className = 'mermaid-tooltip';
            document.body.appendChild(tooltip);
            
            document.querySelectorAll('.mermaid .node').forEach(node => {
                node.addEventListener('mouseover', function(e) {
                    const rect = this.getBoundingClientRect();
                    tooltip.style.display = 'block';
                    tooltip.style.top = (rect.top + window.scrollY - 40) + 'px';
                    tooltip.style.left = (rect.left + window.scrollX) + 'px';
                    tooltip.textContent = this.textContent.trim();
                });
                
                node.addEventListener('mouseout', function() {
                    tooltip.style.display = 'none';
                });
            });
        });
    </script>
</body>
</html>